From

Thank you

Sorry

Web acceleration company Akamai today announced Version 2.0 of its Kona Site Defender service, which adds new ways for clients to protect themselves against denial-of-service attacks.

Launched about a year ago, Kona takes advantage of Akamai's outsized network and server infrastructure, which is usually used to provide Web and application acceleration services -- Security Vice President John Summers says the company handles roughly 10 terabits per second of traffic on a good day.

"We're able to leverage that scale now for the security use case, as well as for the site acceleration use case," he says.

Akamai's raw capacity -- the company runs more than 120,000 individual servers, across 1,100 networks in 74 countries -- is often an effective defense against denial-of-service attacks, allowing it to simply soak up attack traffic in many cases. But Kona adds purpose-built anti-DoS features designed to counter modern attack techniques.

The initial version, in addition to capping fees for the burst capacity a DoS victim might require at $5,000 per month (absorbing a larger DoS attack at the company's pre-set rates could otherwise cost millions, according to Summers), provided a common rule set used to identify likely malicious traffic, and introduced a security monitoring apparatus along with Web application firewall capabilities.

"It's the fastest-growing new business area for Akamai ever," he says.

Three of Kona 2.0's new capabilities, according to Akamai, are particularly important. First, the new version refines its basic WAF technology, introducing a more sophisticated "anomaly scoring" system for identifying attack traffic. Second, it adds a user validation module -- essentially an under-the-hood "CAPTCHA" system for user agents, which asks them to perform complex math or execute simple JavaScript. If they can't, the system flags them as potentially malicious.

Finally, thanks to improved visibility and traffic analysis, Kona 2.0 is able to provide more fine-grained rate and behavioral controls -- meaning that the system can ostensibly tell the difference between, say, a major enterprise proxy attempting to access a site for a large number of real users and a malicious bot.

"By adding security features on top of [existing Akamai offerings], that just gives ... customers more confidence that they'll be able to do the types of transactional business on the Internet that they're accustomed to," says Forrester analyst John Kindervag. "It's aggregation of the various capabilities into a single service that provides value."

Kona 2.0 is available now, and is priced based on bandwidth and the number of sites protected. List price for up to five sites and 75Mbps is $15,000 per month.